RE: TS/3389 risk on Internet

From: sk3tch@sk3tch.net
Date: Mon Nov 01 2004 - 18:08:15 EST


Lennert Sorth:
>Well, it's certainly sent unencrypted, if not clear text.

False, false, false!
 
Please educate yourself before posting.
 
Windows 2000:
http://www.microsoft.com/windows2000/techinfo/howitworks/terminal/rdpfandp.asp
 
Default configuration is 56-bit, you can set this to 128-bit.
 
Windows XP:
http://www.microsoft.com/windowsxp/using/mobility/default.mspx
 
Default configuration is 128-bit
 
Windows Server 2003:
http://www.microsoft.com/windowsserver2003/technologies/terminalservices/default.mspx
 
Default configuration is 128-bit, and there is a FIPS-encryption level
available (for even more security)
 
The encryption level can be configured on the server.
 
From the RDP-Tcp Properties on Windows 2000 Advanced Server:
 
"Encryption level: Medium
 
All data sent between the client and the server is protected by
encryption based on the server's standard key strength"
 
That is the default setting!


